[apparmor] [PATCH] utils: Do not attempt to add same profile file again
Goldwyn Rodrigues
rgoldwyn at suse.de
Tue Nov 28 18:04:03 UTC 2017
From: Goldwyn Rodrigues <rgoldwyn at suse.com>
If the profile in profles and profile_data are the same, then don't attempt
to attach.
1. mkdir /tmp/apparmor.d/
cp -r /etc/apparmor.d/abstractions /tmp/apparmor.d/
cp -r /etc/apparmor.d/tunables /tmp/apparmor.d/
2. Generate basic profiles for the all executable files in one dir:
aa-autodep -d /tmp/apparmor.d/ /usr/sbin/*
Signed-off-by: Goldwyn Rodrigues <rgoldwyn at suse.com>
---
utils/apparmor/aa.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 9fdc11f7..de09866c 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2063,6 +2063,8 @@ def attach_profile_data(profiles, profile_data):
if profiles.get(p, False):
for hat in profile_data[p].keys():
if profiles[p].get(hat, False):
+ if profiles[p][hat]['filename'] == profile_data[p][hat]['filename']:
+ return
raise AppArmorException(_("Conflicting profiles for %s defined in two files:\n- %s\n- %s") %
(combine_name(p, hat), profiles[p][hat]['filename'], profile_data[p][hat]['filename']))
--
2.14.2
More information about the AppArmor
mailing list